A irule of source IP and IP after SNAT

Question

After the SNAT config used SNAT pool, Customer requested that record the correspondence of source IP and IP after SNAT to file /var/log/ltm. Request every connections, such as TCP、UDP etc.&nbsp;
Anyone can help me?&nbsp;

jason_40733 · Accepted Answer

Here's another link with an example of logging the entire connection.. client, client(snat) and server for TCP.&nbsp;
https://devcentral.f5.com/questions/how-to-monitor-internal-ip-translate-to-which-ip-snat-in-pool&nbsp;
Example from that link is here.&nbsp;
rule myrule {
   when SERVER_CONNECTED {
  log local0. ""
  log local0. "cs client [IP::client_addr]:[TCP::client_port]"
  log local0. "cs server [clientside {IP::local_addr}]:[clientside {TCP::local_port}]"
  log local0. "ss client [IP::local_addr]:[TCP::local_port]"
  log local0. "ss server [IP::remote_addr]:[TCP::remote_port]"
}
}&nbsp;

jason_40733 · Answer

Here is a good question/answer on writing irules for logging connections.  &nbsp;
https://devcentral.f5.com/questions/writing-an-irule-to-log-all-traffic&nbsp;
It includes examples for logging TCP and UDP traffic.   Though it does not show you how to log the SNAT'd IP address.&nbsp;
Jason&nbsp;

kong5_153476 · Answer

Thanks, for your method, I have succeed to log the SNAT‘s IP with TCP type connections to the /var/log/ltm.

Forum Discussion

A irule of source IP and IP after SNAT

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

F5 XC vk8s workload with Open Source Nginx

iRules Style Guide

F5 XC vk8s open source nginx deployment on RE

The Power of Source Address